VLAN configuration of LAP in H-REAP WLC Setup

Hello,
I have a setup configured fairly simple, I think. We have a 4402 WLC at our corporate office. We also have 6 1131's split into two deployments at different offices. We have a common SSID structure across all of them (corporate and guest). Corporate works properly authenticating against Active Directory, and guest authenticates properly via the guest database. The thing I cannot get my mind around is the proper method for configuring these two SSID's to be on separate VLAN's. If it were all local, I think I'd have no problems. Do I need to configure a virtual interface on the controller? Do I need a separate one for each office? The VLAN won't exist in the corporate office (unless it needs to). My goal is to isolate guest access into it's own subnet and run it straight out to the Internet without touching the local satellite network. Thanks!
Sean

Ok, think I figured it out. I changed the VLAN mappings via each AP edit page and all seems well. Originally I was going to try and push the VLAN configurations for both offices via the "guest" WLAN policy, which is where I think my confusion arose. By doing that, I needed to assign the configuration through an Interface (I'm guessing). If anyone has a better suggestion, please let me know. Thanks!

Similar Messages

  • 1252 LAP won't join WLC

    Hi all
    I'm having an issue with a 1252 LAP that is connected to the WLC over a WAN link.
    Basically, it won't associate. The following is taken from a console into the LAP:
    *Mar 1 00:00:07.799: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar 1 00:00:08.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Mar 1 00:00:26.851: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    *Mar 1 00:00:27.003: Logging LWAPP message to 255.255.255.255.
    %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.148.x.x, mask 255.255.255.0, hostname AP002
    2.90a3.533a
    Translating "CISCO-LWAPP-CONTROLLER.nation.radix"...domain server (10.x.x.x)
    %LWAPP-3-CLIENTEVENTLOG: Controller address 10.x.x.x obtained through DHCP
    %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
    %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.nation.radix
    %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.nation.radix
    %LWAPP-5-CHANGED: LWAPP changed state to JOIN
    %LWAPP-3-CLIENTERRORLOG: Join Timer: did not recieve join response (controller - Fxxxxxxx)
    %LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain
    %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
    %LWAPP-5-CHANGED: LWAPP changed state to DOWN
    IOS Bootloader - Starting system.
    Xmodem file system is available.
    The ap-manager interface is configured correctly and there isn't a duplicate IP address.
    The LAP was initially stand alone and was converted to LWAPP.
    The MTU over the WAN link is 1500 bytes.
    All I'm getting from the WLC debugs is:
    Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx Received LWAPP DISCOVERY REQUEST from AP 00:22:xx:xx:xx:xx to 00:19:xx:xx:xx:xx on port '29'
    Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx LWAPP Discovery Request AP Software Version: 0x3003300
    Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx Successful transmission of LWAPP Discovery Response to AP 00:22:xx:xx:xx:xx on port 29
    So basically the join messages don't seem to reach the WLC. In fact they don't even seem to reach the local router on the remote subnet. The discovery packets are seen on the local router but the joins don't seem to appear at all.
    I'm not sure if it's a latency issue. Average latency over the WAN link is under 70ms.
    I'm assuming the certificate on the WAP is MIC and the MAC details have been entered into the WLC AP Security policies for authentication. I'm not seeing any debugging messages relating to bad authentication at all.
    I can't debug from the LAP as it's LWAPP, obviously.
    I've been through many Cisco documents trying to troubleshoot the problem, including this http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml, but can't find a solution.
    We're running WLC version 4.2.130.0.
    Can anyone help?
    Thanks
    Brodie

    I assume you have connected to router's AUX and doing reverse telnet. You should be getting Password: prompt on your LAP's console. Password and Enable are both Cisco. Below is console output from my lab's 1250 LAP after erasing configuration (which can only be initiated from controller). In my case, the vlan is not configured with Option 43 and no proper DNS, so LAP doesn't join the controller.
    By the way, your best bet might be to convert this LAP back to IOS and then back to LAP again. Use this method:
    http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918
    Do you have "Authorize APs against AAA" checked under Security > AP Policies in any of your WLCs ?
    Press RETURN to get started!
    *Mar 1 00:00:07.099: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar 1 00:00:07.619: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
    *Mar 1 00:00:08.595: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
    *May 10 23:17:25.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *May 10 23:17:26.155: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1250 Software (C1250-K9W8-M), Version 12.4(10b)JDC, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Fri 01-May-09 10:49 by prod_rel_team
    *May 10 23:17:26.155: %SNMP-5-COLDSTART: SNMP agent on host ap is undergoing a cold start
    *May 10 23:17:27.183: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *May 10 23:17:27.387: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *May 10 23:17:27.387: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *May 10 23:17:28.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *May 10 23:17:28.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *May 10 23:17:30.783: %LWAPP-3-CLIENTERRORLOG: ../lwapp/lwapp_l2.c:152 - discarding msg type 12 in state 0
    *May 10 23:17:30.783: %CDP_PD-4-POWER_OK: Full power - AC_ADAPTOR inline power source
    *May 10 23:17:30.795: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 16 seconds
    *May 10 23:17:44.571: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    *May 10 23:17:44.731: Logging LWAPP message to 255.255.255.255.
    %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.8.3, mask 255.255.255.0, hostname AP0022.558e.24bc
    User Access Verification
    Password:
    AP0022.558e.24bc>en
    Password:
    AP0022.558e.24bc#show lwapp ?
    client LWAPP Client Information
    ids LWAPP IDS Information
    ip LWAPP IP configuration
    mcast LWAPP Mcast Information
    reap LWAPP REAP Information
    rm LWAPP RM Information
    AP0022.558e.24bc#show lwapp client config
    AP0022.558e.24bc#
    AP0022.558e.24bc#ping 3.45.47.143
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 3.45.47.143, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
    AP0022.558e.24bc#

  • Adding more VLANs for mapping for an H-REAP AP

    Why can't I add more locally switched VLANs to the VLAN mapping table of an H-REAP AP... I have a total of 3 but as I understand it I can have a maximum of 8 locally switch H-REAP VLANs...
    What abd
    Basic config from command line is
    interface create lme-spare 703
    interface vlan lme-spare 703
    interface port lme-spare 1 2
    apgroup add default-group
    apgroup interface-mapping add default-group 4 lme-spare
    wlan apgroup nac-snmp disable default-group 4
    wlan create 4 XTS testing xts-lme
    wlan nac snmp disable 4
    wlan interface 4 lme-spare
    wlan multicast interface 4 disable
    wlan broadcast-ssid disable 4
    wlan radio 4 802.11g-only
    wlan session-timeout 4 1800
    wlan h-reap local-switching 4 enable
    wlan h-reap learn-ipaddr 4 enable
    wlan wmm allow 4
    However, add another mapping doesn't work...
      (Cisco Controller) config>ap h-REAP vlan wlan 4 703 ?
      <Cisco AP>     Enter the name of the Cisco AP.
      (Cisco Controller) config>ap h-REAP vlan wlan 4 703 tradefloorAP1
      Invalid parameter specified.
    (Cisco Controller) config>
    Where am I going wrong- could have couple of pointers please?

    Hello Adrian,
    The VLAN mapping is not taking hold because that AP is currently not servicing WLAN 4 (from the screenshot). Is this AP part of an ap group? If so, have you added wlan 4 to that AP group configuration?
    If the AP is in the default-group, then it should be servicing wlan 4...
    What version of WLC code and model of AP are in use?
    -Patrick Croak
    Wireless TAC

  • How-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device

    Dear All
    I have a 2504 Wireless Controller with multiple radios attached. I currently have a "private" WLAN configured (taking ip from windows server based DHCP of Range 192.1681.0/24 ) and working, but I need to add a Guest/Public WLAN which should take the IP from Other DHCP Configured on Fortigate UTM of range 172.16.0.0/24.
    We have one SG300 switch in the office and the rest are basic switches.
    Our firewall/router is a Fortigate UTM 240D
    Find the attached network diagram for the issue.
    Is there a SIMPLE way to enabling guest access that doesn't require VLANS (or are VLANS easier than I'm making them)? 
    Thanks.
    - See more at: https://supportforums.cisco.com/discussion/12473186/how-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device#sthash.aj1XcWI0.dpuf

    Complete these steps in order to configure the devices for this network setup:
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html
    Configure Dynamic Interfaces on the WLC for the Guest and Internal Users
    Create WLANs for the Guest and Internal Users
    Configure the Layer 2 Switch Port that Connects to the WLC as Trunk Port

  • LAP local - frequently disassociated WLC

    Hi,
    I have a WLC 4402-40 with code 5.0.148.0 with 27 APs.
    Two APs are often disassociated from the WLC.
    Two APs are the same model of others and all APs are in local LAN.
    This is the Time Statistics:
    Time Statistics
    UP Time
    Controller Associated Time
    Controller Association Latency
    The others APs have the sam Controller Associations Latency.
    Is there a log that can give a informations as to why the APs are disassociated?
    These two APs I configured the name of the primary WLC.
    Regards.
    Mirko Severi.

    Correct, if you are using a controller setup then H-REAP with local switching is the only way to dump traffic locally to the AP.

  • HREAP VLAN configuration

    For no apparent reason hreap access point loses it vlan configuration in vlan mapping. Has anyonr see this?

    Enter the Detail page of the desired access point, select the H REAP tag again, and click VLAN Mapping in order to configure the 802.1Q tagging per locally switched WLAN.

  • Application Administrators can't see VLAN configuration on VMs in VMM 2012 R2

    Hi, I have the following issue on my VMM 2012 R2 infrastructure.
    I have created a cloud with a Hyper-V Cluster in it. Configured a Application Administrator Role (Self Service) and assigned all permissions related to this cloud and Hyper-V Cluster, including a couple of VM Templates and a VM Network.
    They users can see the VMs, create VMs but they cannot configure the VLAN inside the VM.
    If I go to the VM settings using the full VMM admin, I can do it, select the VM Network and then select the appropiate VLAN, but when I try to do this using the Application Administrator account I configured specifically to this Cloud and Cluster, I can
    select the same VM Network but can't see any options related to VLAN configuration.
    What am I missing? Is this the default behavior? Do I need an additional permission? Where?
    Thank you for your responses.
    Regards.
    Eduardo Rojas

    That is correct.
    Application Admins 'consume' resources (compute and storage) and have no insight into the physical part.  Especially if you are using the cloud abstraction.  "Administrators" manage the physical layer of things - that is why you can see
    / set the VLAN ID directly.
    I believe that you would need to create your Virtual Networks with the proper VLANs and the application admins can then choose based on the Virtual Network.
    The worst case is that you define a Virtual Network per VLAN so that your application admins can select an item that correlates to a specific VLAN configuration.
    Brian Ehlert
    http://ITProctology.blogspot.com
    Learn. Apply. Repeat.

  • VLAN Configuration for Internal and Guest Wireless

    Hello,
    We are using the following hardware…
    SG300-52MP switch -- latest firmware
    ASA 5512-X firewall -- 9.1
    Aironet AP1131AG WAP
    We have the following networks…
    10.252.4.0/24 = Internal = ASA-01 interface = VLAN1
    10.252.6.0/24 = Guest = ASA-02 interface = VLAN6
    10.252.6.0/24 = VOIP = ASA-03 interface = VLAN3
    The Aironet supports two SSIDs, Secure (RADIUS) and Guest (WPA2), which are supposed to provide access to the appropriate interface on the ASA.
    Relevant parts of the WAP configuration are…
    dot11 ssid GUEST
       vlan 6
    dot11 ssid SECURE
       vlan 1
    interface Dot11Radio0
    no ip address
    ssid GUEST
    ssid SECURE
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    interface Dot11Radio0.6
    encapsulation dot1Q 6
    no ip route-cache
    bridge-group 255
    interface Dot11Radio1
    no ip address
    no ip route-cache
    ssid GUEST
    ssid SECURE
    interface Dot11Radio1.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    interface Dot11Radio1.6
    encapsulation dot1Q 6
    no ip route-cache
    bridge-group 255
    interface FastEthernet0
    no ip address
    no ip route-cache
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    interface FastEthernet0.6
    encapsulation dot1Q 6
    no ip route-cache
    bridge-group 255
    interface BVI1
    ip address 10.252.4.4 255.255.255.0
    no ip route-cache
    ip default-gateway 10.252.4.1
    We can manage the WAP through it’s Internal IP address (10.252.4.4).
    And the “Guest” wireless network is working -- connecting to that SSID provides the client with the correct IP addressing (10.242.6.X from VLAN6/ASA-02).  [Note:  the VOIP DHCP and network access also works correctly.]
    The “Secure” wireless network is not working however -- the client never receives an Internal DHCP address from ASA-01, and even if you hard-code the client’s IP, no IP4 traffic ever passes.
    [Note:  connecting a device to a SG300 port with the “Default” configuration provides the client with an Internal DHCP configuration, and it works as intended.] 
    While this may be a problem with the WAP configuration, I would like to confirm that it is not an issue with the switch not passing traffic correctly.
    I have a feeling that I have configured the VLANs on the ports incorrectly.
    Relevant parts of the SG300 configuration are...
    v1.3.0.62 / R750_NIK_1_3_647_260
    vlan database
    vlan 3,6
    ip dhcp snooping
    ip dhcp relay address 10.252.4.1
    ip dhcp relay enable
    bonjour interface range vlan 1
    interface vlan 1
    ip address 10.252.4.2 255.255.255.0
    no ip address dhcp
    interface vlan 3
    name VOIP
    interface vlan 6
    name Guest
    interface gigabitethernet45 -- Access mode, Untagged VLAN6
    description ASA-Guest
    ip dhcp snooping trust
    switchport mode access
    switchport access vlan 6
    interface gigabitethernet46 -- Access mode, Untagged VLAN3
    description ASA-VOIP
    ip dhcp snooping trust
    switchport mode access
    switchport access vlan 3
    interface gigabitethernet47 -- Trunk mode, Untagged VLAN1 and Tagged VLAN6
    description WAP1
    switchport trunk allowed vlan add 6
    interface gigabitethernet48 -- Trunk mode
    description ASA-Internal
    ip dhcp snooping trust
    ip dhcp relay enable
    Can someone who understands this switch better than I do please confirm the VLAN configuration?  THANK YOU!

    Welcome to the discussion area!
    +PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
    I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
    This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
    FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration.

  • Fwsm - active/standby - "Vlan configuration mismatch between peers"

    Hi,
    A FWSM pair fall in to active active sittuation due to a vlan configuration mismatch. What would be the best way to synchronize configurations and return to the normal active/standbay? There is a new vlan on the primary fwsm and at present both are in active state.
    Thank you in advance.
    Zdravko

    Hi,
    To my understanding the FWSMs (even though both active) have identical configurations?
    Have you perhaps done so that on the core switch you have only issued the "firewall vlan-group only on the primary core device (to which the FWSM is attached) and not the secondary core device?
    The only time I have witnessed the same situation is when configuring a new customer link and I have only configured the primary unit (and about to configure the same on the standby unit)
    Hope it helps, not sure if the above was what you meant.
    - Jouni

  • CiscoWorks: VLAN creation failed via CM-VLAN Configuration

    Hi,
    I have trying to create VLAN on single switch via CM-VLAN Configuration and getting below message, although switch is configured with correct snmp and I can backup same device via RME and also delopy config to it via Netconfig.
    Please advice. Thanks
    I am using LMS 3.2.1; CM 5.2.2; RME 4.3.2
    Creation of VLAN failed
    "There were some errors during operation."
    Failed to perform the operation on 10.*.*.* Cause:An error occured while performing SNMP operation.
    Action:Examine and save the server log file and report the error to the product administrator for further action.

    The credentials can be changed under Common Services > Device and Credentials > Device Management.  Select the devices and click the Edit Credentials button.  Fill in the correct username and password for these devices.

  • Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Assotiated clients cannot obtain IP addresses

    Hi Surendra,
    I was just given this task to see how i can configure a second ssid for guest access in our environment.
    this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
    Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
    Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
    My AP config is attached below.
    Please tell me what am I doing wrong.
    Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
    Does the access point need to be aware of the voice vlan?
    Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
    I will greatly appreciate your urgent response.
    Thanks in advanced.

    Hi,
    As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
    int vlan 20
    ip helper-address 192.168.33.xxx
    int vlan 60
    ip helper-address 130.20.1.xxx
    I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
    Modify the AP config as below since you are using data vlan as the native vlan
    interface Dot11Radio0.20
    encapsulation dot1Q 20 native
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface FastEthernet0.60
    encapsulation dot1Q 60
    no ip route-cache
    bridge-group 60
    no bridge-group 60 source-learning
    bridge-group 60 spanning-disabled
    Hope this helps.
    Regards
    Najaf

  • EA6500 - VPN interface and VLan configuration feature?

    Does EA6500 has any kind of built-in VPN interface and also built-in VLan configuration feature??

    This particular router has VPN passthrough and you may open ports when needed for VPN to work behind it. As for VLAN configuration, this router is not designed for that. Everything that you would like to know about the router just click here

  • Getting past "Fetch VLAN configuration - Command failed" errors in Cisco Prime Infrastructure 2.0 - How?

    I've got a handful of devices in Cisco Prime Infrastructure 2.0 which show up in the "Archive Failed Devices" view.  The "Failure Reason" is some variation of "Fetch VLAN configuration - Command failed" sometimes including "TELNET: Failed to establish TELNET connection to x.x.x.x".  What does this mean?  How do I overcome this?  In all cases, the device is configured to use SSH and has valid SSH credentials.  In all cases, I can SSH from the command line of the NCS appliance to the devices listed in the "Archive Failed Devices" view.

    Hi
    I was able to fix the "Fetch VLAN configuration - Command failed" by allowing tftp from the device to PI server in firewall. See if this can help.

  • Prime Infrastructure 2.1 - Fetch VLAN Configuration - command failed

    Hi,
    i am installing the system on a customer's site.
    i've noticed that most of the devices configured on the PI have resulted in error in the Configuration Archive with this error:
    Fetch VLAN Configuration - command failed.
    i checked that the tftp service on the PI is enabled.
    i tried manually executing from a device: copy flash:vlan.dat tftp://PI_IP and couldnt manage to do so.
    i also tried manually to do it to another tftp server and it worked.
    i dont see any FW drops.
    does anyone have any idea how to troubleshoot this?
    thanks in advance!

    As to get the VLAN information, the file in Cisco devices Flash : Vlan.dat is fetced, and if PI fails to do so, it gives this error. As it is a file in flash, PI needs to send it over to Server itself using TFTP.
    If TFPT is somehow not working between Server and devices, it may throw this error.
    Is it happening with all the devices or some perticular platform?
    If with all the device, you need to check if there is any Firewall blocking TFTP access to devices.
    Also, you can check if TFTP service on CPI is working properly by command ncs status.
    If service is affected, try to restart service - service tftp restart Or you can restart the PI Machine itself.
    -Thanks
    Vinod
    **Encourage Contributors. RATE Them.**

  • SA540 VLAN Configuration Question

    I need to connect 2 internal LANs to the SA540 but cannot work out how to set the IP addresses for the 2 VLANs on this device.  Does anyone know how to setup the relevant IP addresses for the 2 VLANs? Example: VLAN 2 IP = 192.168.5.10 and the second VLAN IP = 192.168.10.10The WAN port will connect to a single Internet device.  Any help will be greatly appreciated.

    Hi Ratan,
    The following steps apply to latest MR Firmware version 2.1.18.
    1) The first thing you need is to enable VLAN (Networking ->LAN -> VLAN Configuration -> Enable VLAN? {check this}).
    2) Next you have to create the second VLAN (Networking ->LAN ->Available VLANs ->Add...)  Name it and use the ID to associate the VLAN to (2).  If you want inter VLAN Routing to be enabled leave the box checked, otherwise uncheck it.
    3) Next we specify/edit the subnet that your new vlan will use.  (Networking ->LAN -> Multiple VLAN Subnets)  Look for the VLAN ID created above (2), and Click the Edit button.  Modify the subnet parameters as needed.
    4) Finally we assign the SA 500 ports to use the VLANS.  (Networking ->LAN ->Port VLAN)  Setup the port's Mode as Access, General, or Trunk, and assign VLAN membership as well.
    See screenshots for clarity.  If you need to create more VLANs, repeat steps 2-4 as needed.
    Hope this helps,
    Julio

Maybe you are looking for

  • Oracle Custom Workflow Redesign best practices

    Hi All, Morning , need some help with this scenario. We are in the process of redesigning existing developed custom Oracle Workflows in our system ( Oracle Apps Release 12.0.6 ) hence wanted to know if there are steps or guidelines/best practices whi

  • User Settings lost after session is released

    I am having a problem with the User settings being lost after the user logs off the system. menu settings, fields displayed in Marketing  Documents,  displayed User Defined fields and the sequence of User defined fields get lost after the session end

  • Export Data of Tables in Oracle to format DBF

    People, I need your help! I have a question...How I do for to export the a table (data) Oracle to format table in DBF using PL/SQL? Please, I am waiting an answer... Thanks a lot Tavares, Marcelo

  • Iphone changes time in calendar sync with Mac?

    Can anyone help? I have a 24" mac running Leopard 10.5.7 and an iPhone 3G. When I sync the two any calendar events I have on the Mac arrive on the iPhone with the time changed by 8hrs (it moves them 8 hours earlier). Does anyone know what I have to d

  • Error 4SNS/1/40000000:TWOP-128.000

    Helo. On my MacBook Air first generation with all update made, until few hours ago the wireless was fine. But during a connection I lost signal and the card was no more found. With the Apple Hardware Test (reboot with D) I found the error: 4SNS/1/400